CN105827652B - A method and apparatus for authenticating a dynamic password


Publication number
CN105827652B
Authority
CN
China
Prior art keywords
token
dynamic
serial number
client
dynamic password
Legal status
Active
Application number
CN201610350413.1A
Other languages
Chinese (zh)
Other versions
CN105827652A (en
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Priority to CN201610350413.1A
Publication of CN105827652A
Priority to PCT/CN2017/078542 (WO2017202136A1)
Priority to US16/092,500 (US11064358B2)
Application granted
Publication of CN105827652B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 ... involving a third party or a trusted authority
    • H04L9/3213 ... involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Abstract

The invention discloses a method and apparatus for authenticating a dynamic password. The method includes the following steps: a client establishes NFC communication with an NFC dynamic token and obtains the token serial number of the NFC dynamic token and the dynamic password from the NFC dynamic token; the client encrypts the dynamic password using the token serial number and a second random number that it has saved, obtains a third ciphertext, and sends the third ciphertext, the second random number and the token serial number to a token server; the client receives the authentication success message or authentication failure message returned by an application server. The invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends the dynamic password to the token server for authentication, which prevents the user from making errors and leaking the password when entering the dynamic password manually, and improves the security of the dynamic token.

Description

A method and apparatus for authenticating a dynamic password
Technical field
The present invention relates to the field of information security, and in particular to a method and apparatus for authenticating a dynamic password.
Background
A dynamic token is a device for generating dynamic passwords and is widely used in application fields such as online banking, telecom operators and e-government. The dynamic password generated by a dynamic token can be used for identity authentication and can effectively improve the security of identity authentication.
In the prior art, after a dynamic token generates a dynamic password, the user has to enter the dynamic password manually into a web page or client, which is error-prone and offers poor security.
Summary of the invention
The present invention provides a method and apparatus for authenticating a dynamic password, to solve the defect of poor dynamic token security in the prior art.
The present invention provides a method for authenticating a dynamic password, comprising the following steps:
A client establishes NFC communication with an NFC dynamic token, and obtains the token serial number of the NFC dynamic token and the dynamic password from the NFC dynamic token;
The client encrypts the dynamic password using the token serial number and a second random number that it has saved, obtains a third ciphertext, and sends the third ciphertext, the second random number and the token serial number to a token server;
The client receives the authentication success message or authentication failure message returned by an application server.
The present invention also provides a method for authenticating a dynamic password, comprising the following steps:
A token server receives a third ciphertext, a second random number and a token serial number from a client, and decrypts the third ciphertext using the token serial number and the second random number to obtain a dynamic password;
The token server retrieves the corresponding seed file according to the token serial number and authenticates the dynamic password using the retrieved seed file; if authentication passes, it sends an authentication success message to an application server; otherwise, it sends an authentication failure message to the application server.
The present invention also provides a client, comprising:
A communication module, for establishing NFC communication with an NFC dynamic token;
A first obtaining module, for obtaining the token serial number of the NFC dynamic token;
A second obtaining module, for obtaining the dynamic password from the NFC dynamic token;
A storage module, for saving a second random number;
An encryption module, for encrypting the dynamic password using the token serial number and the second random number to obtain a third ciphertext;
A sending module, for sending the third ciphertext, the second random number and the token serial number to a token server;
A receiving module, for receiving the authentication success message or authentication failure message returned by an application server.
The present invention also provides a token server, comprising:
A receiving module, for receiving a third ciphertext, a second random number and a token serial number from a client;
A decryption module, for decrypting the third ciphertext using the token serial number and the second random number to obtain a dynamic password;
A retrieval module, for retrieving the corresponding seed file according to the token serial number;
An authentication module, for authenticating the dynamic password using the seed file retrieved by the retrieval module;
A sending module, for sending an authentication success message to an application server after the authentication module has successfully authenticated the dynamic password, and for sending an authentication failure message to the application server after the authentication module has failed to authenticate the dynamic password.
The present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends the dynamic password to the token server for authentication, which prevents the user from making errors and leaking the password when entering the dynamic password manually, and improves the security of the dynamic token.
Brief description of the drawings
Fig. 1 is a flowchart of a method for authenticating a dynamic password in an embodiment of the present invention;
Fig. 2 is a flowchart of another method for authenticating a dynamic password in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a client in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a token server in an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are only some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
An embodiment of the present invention provides a method for authenticating a dynamic password which, as shown in Fig. 1, comprises the following steps:
Step 101, the client and the NFC (Near Field Communication) dynamic token establish NFC communication.
Step 102, the client sends a second instruction to the NFC dynamic token, receives the token serial number returned by the NFC dynamic token, and saves the token serial number.
For example, the client sends the second instruction "0x4402043A" to the NFC dynamic token and receives the token serial number "15357" returned by the NFC dynamic token.
Step 103, the client sends a third instruction to the NFC dynamic token and receives the dynamic password returned by the NFC dynamic token.
For example, the client sends the third instruction "0x44020110" to the NFC dynamic token and receives the dynamic password "355569" returned by the NFC dynamic token.
Step 104, the client encrypts the dynamic password using the token serial number and the second random number that it has saved, obtains a third ciphertext, and sends the third ciphertext, the second random number and the token serial number to the token server.
Specifically, the client generates an encryption key from the second random number that it has saved, generates an initialization vector from the token serial number, and encrypts the dynamic password using the encryption key and the initialization vector to obtain the third ciphertext.
In this embodiment, the client may hash the second random number together with a preset value and use the resulting hash value as the encryption key, and hash the token serial number together with a preset value and use the resulting hash value as the initialization vector. The second random number may be the UTC seconds count.
For example, the client uses the second random number "0x297A" and the token serial number "15357" to encrypt the dynamic password "355569", obtains the third ciphertext "D465A1", and sends the third ciphertext "D465A1", the second random number "0x297A" and the token serial number "15357" to the token server.
Step 105, the token server decrypts the received third ciphertext using the received token serial number and second random number, and obtains the dynamic password.
Specifically, the token server generates an encryption key from the received second random number, generates an initialization vector from the received token serial number, and decrypts the received third ciphertext using the encryption key and the initialization vector to obtain the dynamic password.
In this embodiment, the token server may hash the received second random number together with the preset value and use the resulting hash value as the encryption key, and hash the received token serial number together with the preset value and use the resulting hash value as the initialization vector.
For example, the token server uses the received token serial number "15357" and second random number "0x297A" to decrypt the received third ciphertext "D465A1" and obtains the dynamic password "355569".
Step 106, the token server retrieves the corresponding seed file according to the received token serial number and uses the retrieved seed file to authenticate the dynamic password obtained by decryption. If authentication passes, step 107 is executed; otherwise, step 110 is executed.
For example, the token server retrieves the corresponding seed file "0x8D5828922FEBFC8597" according to the received token serial number "15357", and uses the seed file to authenticate the dynamic password "355569" obtained by decryption.
Step 107, the token server sends an authentication success message to the application server.
Step 108, the application server sends the authentication success message to the client.
Step 109, the client displays authentication success information according to the received authentication success message.
Step 110, the token server sends an authentication failure message to the application server.
Step 111, the application server sends the authentication failure message to the client.
Step 112, the client displays authentication failure information according to the received authentication failure message.
The embodiment of the present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends the dynamic password to the token server for authentication, which prevents the user from making errors and leaking the password when entering the dynamic password manually, and improves the security of the dynamic token.
An embodiment of the present invention also provides another method for authenticating a dynamic password which, as shown in Fig. 2, comprises the following steps:
Step 201, the client and the NFC dynamic token establish NFC communication.
Step 202, the client sends a third instruction to the NFC dynamic token and receives the dynamic password returned by the NFC dynamic token.
For example, the client sends the third instruction "0x44020110" to the NFC dynamic token and receives the dynamic password "355569" returned by the NFC dynamic token.
Step 203, the client obtains the corresponding token serial number according to the user name, encrypts the dynamic password using the token serial number and the second random number that it has saved, obtains a third ciphertext, and sends the third ciphertext, the second random number and the token serial number to the token server.
Specifically, the client generates an encryption key from the second random number that it has saved, generates an initialization vector from the token serial number, and encrypts the dynamic password using the encryption key and the initialization vector to obtain the third ciphertext.
In this embodiment, the client may hash the second random number together with a preset value and use the resulting hash value as the encryption key, and hash the token serial number together with a preset value and use the resulting hash value as the initialization vector. The second random number may be the UTC seconds count.
For example, the client obtains the corresponding token serial number "15357" according to the user name "admin", uses the second random number "0x297A" and the token serial number "15357" to encrypt the dynamic password "355569", obtains the third ciphertext "D465A1", and sends the third ciphertext "D465A1", the second random number "0x297A" and the token serial number "15357" to the token server.
Step 204, the token server decrypts the received third ciphertext using the received token serial number and second random number, and obtains the dynamic password.
Specifically, the token server generates an encryption key from the received second random number, generates an initialization vector from the received token serial number, and decrypts the received third ciphertext using the encryption key and the initialization vector to obtain the dynamic password.
In this embodiment, the token server may hash the received second random number together with the preset value and use the resulting hash value as the encryption key, and hash the received token serial number together with the preset value and use the resulting hash value as the initialization vector.
For example, the token server uses the received token serial number "15357" and second random number "0x297A" to decrypt the received third ciphertext "D465A1" and obtains the dynamic password "355569".
Step 205, the token server retrieves the corresponding seed file and token offset value according to the received token serial number, and uses the retrieved seed file and token offset value to authenticate the dynamic password obtained by decryption. If authentication passes, step 206 is executed; otherwise, step 209 is executed.
For example, the token server retrieves the corresponding seed file "0x8D5828922FEBFC8597" and token offset value "254" according to the received token serial number "15357", and uses the seed file and token offset value to authenticate the dynamic password "355569" obtained by decryption.
Step 206, the token server sends an authentication success message to the application server.
Step 207, the application server sends the authentication success message to the client.
Step 208, the client displays authentication success information according to the received authentication success message.
Step 209, the token server sends an authentication failure message to the application server.
Step 210, the application server sends the authentication failure message to the client.
Step 211, the client displays authentication failure information according to the received authentication failure message.
The embodiment of the present invention sends the dynamic password generated by the NFC dynamic token to the mobile device over the NFC channel, which prevents the user from making errors and leaking the password when entering the dynamic password manually, and improves the security of the dynamic token.
It should be noted that, in other embodiments of the present invention, the client may also obtain a token serial number entered by the user, encrypt the dynamic password using that token serial number and the second random number that it has saved, obtain the third ciphertext, and send the third ciphertext, the second random number and the token serial number to the token server; this likewise achieves the purpose of the present invention.
For example, the client obtains the token serial number "15357" entered by the user, uses the second random number "0x297A" and the token serial number "15357" to encrypt the dynamic password "355569", obtains the third ciphertext "D465A1", and sends the third ciphertext "D465A1", the second random number "0x297A" and the token serial number "15357" to the token server.
In addition, after the token server has successfully authenticated the dynamic password using the seed file and the token offset value, it may also update the token offset value.
The embodiment of the present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends the dynamic password to the token server for authentication, which prevents the user from making errors and leaking the password when entering the dynamic password manually, and improves the security of the dynamic token.
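The exchange in steps 104 to 106 and step 205, carried end to end, as an added example that is not code from the patent. The patent names no hash, cipher or password algorithm, so SHA-256, a hash-based keystream standing in for the cipher, HOTP (RFC 4226) and the reading of the token offset value as the HOTP counter are all assumptions, as are the names `PRESET`, `LOOKAHEAD`, `derive`, `key_and_iv`, `client_message` and `TokenServer`; the seed is a constructed test value.

```python
import hashlib
import hmac
import struct

# Assumption: the "preset value" hashed with each input; shared by client and token server.
PRESET = b"constructed-preset-value"
# Assumption: how many counters past the stored token offset value the server will try.
LOOKAHEAD = 3


def derive(value: bytes, length: int) -> bytes:
    """Hash a value together with the preset value (SHA-256 is an assumption)."""
    return hashlib.sha256(value + PRESET).digest()[:length]


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (not from the patent): XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for start in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + struct.pack(">I", start // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[start:start + 32], pad))
    return bytes(out)


def key_and_iv(serial: str, second_random: int):
    """Encryption key from the second random number, initialization vector from the serial."""
    return derive(second_random.to_bytes(8, "big"), 32), derive(serial.encode(), 16)


def client_message(otp: str, serial: str, second_random: int) -> dict:
    """Step 104: encrypt the dynamic password and build the message for the token server."""
    key, iv = key_and_iv(serial, second_random)
    return {
        "third_ciphertext": keystream_xor(key, iv, otp.encode()).hex(),
        "second_random": second_random,
        "serial": serial,
    }


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, used here as an assumed dynamic password algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenServer:
    def __init__(self, tokens: dict):
        # serial -> {"seed": bytes, "offset": int}, i.e. seed file and token offset value
        self.tokens = tokens

    def authenticate(self, msg: dict) -> bool:
        """Steps 105, 106 and 205: decrypt, look up the seed, verify, update the offset."""
        record = self.tokens.get(msg["serial"])
        if record is None:
            return False  # unknown token serial number
        key, iv = key_and_iv(msg["serial"], msg["second_random"])
        try:
            raw = bytes.fromhex(msg["third_ciphertext"])
            otp = keystream_xor(key, iv, raw).decode("ascii")
        except ValueError:  # bad hex, or plaintext that is not ASCII
            return False
        first = record["offset"]
        for counter in range(first, first + LOOKAHEAD + 1):
            if hmac.compare_digest(hotp(record["seed"], counter), otp):
                # Updating the offset means the same password is not accepted twice.
                record["offset"] = counter + 1
                return True
        return False


def demo():
    seed = b"12345678901234567890"  # constructed seed (RFC 4226 test key), not the page's
    server = TokenServer({"15357": {"seed": seed, "offset": 0}})
    otp = hotp(seed, 1)  # the token is one press ahead of the server's stored offset
    msg = client_message(otp, "15357", 0x297A)
    accepted = server.authenticate(msg)
    replayed = server.authenticate(msg)  # same message sent a second time
    return otp, accepted, replayed, server.tokens["15357"]["offset"]


if __name__ == "__main__":
    print(demo())
```

Because the second random number and the token serial number travel alongside the third ciphertext, the preset value is the only key-derivation input that an observer of the message does not see.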
Based on the above method for authenticating a dynamic password, an embodiment of the present invention also provides a client, comprising:
A communication module 310, for establishing NFC communication with an NFC dynamic token;
A first obtaining module 320, for obtaining the token serial number of the NFC dynamic token;
A second obtaining module 330, for obtaining the dynamic password from the NFC dynamic token;
A storage module 340, for saving a second random number;
An encryption module 350, for encrypting the dynamic password using the token serial number and the second random number to obtain a third ciphertext;
A sending module 360, for sending the third ciphertext, the second random number and the token serial number to the token server;
A receiving module 370, for receiving the authentication success message or authentication failure message returned by the application server.
Specifically, the first obtaining module 320 is configured to send a second instruction to the NFC dynamic token and receive the token serial number returned by the NFC dynamic token;
Alternatively, to obtain the corresponding token serial number according to the user name.
Further, the encryption module 350 comprises:
A first generating submodule, for generating an encryption key from the second random number;
A second generating submodule, for generating an initialization vector from the token serial number;
An encryption submodule, for encrypting the dynamic password using the encryption key and the initialization vector to obtain the third ciphertext.
Further, the first generating submodule is specifically configured to hash the second random number together with a preset value and use the resulting hash value as the encryption key;
The second generating submodule is specifically configured to hash the token serial number together with a preset value and use the resulting hash value as the initialization vector.
Further, the second obtaining module 330 is specifically configured to send a third instruction to the NFC dynamic token and receive the dynamic password returned by the NFC dynamic token.
The embodiment of the present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends the dynamic password to the token server for authentication, which prevents the user from making errors and leaking the password when entering the dynamic password manually, and improves the security of the dynamic token.
Based on the above method for authenticating a dynamic password, an embodiment of the present invention also provides a token server which, as shown in Fig. 4, comprises:
A receiving module 410, for receiving a third ciphertext, a second random number and a token serial number from a client;
A decryption module 420, for decrypting the third ciphertext using the token serial number and the second random number to obtain a dynamic password;
A retrieval module 430, for retrieving the corresponding seed file according to the token serial number;
An authentication module 440, for authenticating the dynamic password using the seed file retrieved by the retrieval module;
A sending module 450, for sending an authentication success message to the application server after the authentication module has successfully authenticated the dynamic password, and for sending an authentication failure message to the application server after the authentication module has failed to authenticate the dynamic password.
Specifically, the retrieval module 430 is configured to retrieve the corresponding seed file and token offset value according to the token serial number;
Correspondingly, the authentication module 440 is specifically configured to authenticate the dynamic password using the seed file and token offset value retrieved by the retrieval module.
Further, the decryption module 420 comprises:
A first generating submodule, for generating an encryption key from the second random number;
A second generating submodule, for generating an initialization vector from the token serial number;
A decryption submodule, for decrypting the third ciphertext using the encryption key and the initialization vector to obtain the dynamic password.
Further, the first generating submodule is specifically configured to hash the second random number together with a preset value and use the resulting hash value as the encryption key.
The second generating submodule is specifically configured to hash the token serial number together with a preset value and use the resulting hash value as the initialization vector.
The embodiment of the present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends the dynamic password to the token server for authentication, which prevents the user from making errors and leaking the password when entering the dynamic password manually, and improves the security of the dynamic token.
The steps of the method described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (18)

1. a kind of method for authenticating dynamic password, which comprises the following steps:
Client and NFC dynamic token establish NFC communication, obtain the token serial number of the NFC dynamic token and from institute State the dynamic password of NFC dynamic token;
The client adds the dynamic password using the token serial number and the second random number itself saved It is close, third ciphertext is obtained, and the third ciphertext, second random number and the token serial number are sent to token service Device;
The client receives the certification success message or authentification failure message that application server returns;
The client encrypts dynamic password, is obtained using the token serial number and the second random number itself saved To third ciphertext, specifically:
The client according to the second generating random number encryption key, according to the token serial number generate initialization to Amount, using the encryption key and the initialization vector, encrypts the dynamic password, obtains third ciphertext.
2. the method as described in claim 1, which is characterized in that the client obtains the token sequence of the NFC dynamic token Row number, specifically:
The client sends the second instruction to the NFC dynamic token, receives the sequence of tokens that the NFC dynamic token returns Number;
Alternatively,
The client obtains corresponding token serial number according to user name.
3. the method as described in claim 1, which is characterized in that the client encrypts close according to second generating random number Key, specifically:
The client hashes second random number and preset value, using obtained hashed value as encryption key;
The client generates initialization vector according to the token serial number, specifically:
The client hashes the token serial number and preset value, using obtained hashed value as initialization vector.
4. the method as described in claim 1, which is characterized in that the client obtains dynamic from the NFC dynamic token State password, specifically:
The client sends third instruction to the NFC dynamic token, receives the dynamic mouth that the NFC dynamic token returns It enables.
5. a kind of method for authenticating dynamic password, which comprises the following steps:
Token server receives third ciphertext, the second random number and token serial number from client, uses the token sequence Row number and second random number, are decrypted the third ciphertext, obtain what the client was arrived by NFC channel reception Dynamic password from NFC dynamic token;
The token server retrieves corresponding seed file according to the token serial number, using the seed file retrieved, The dynamic password is authenticated, if certification passes through, sends certification success message to application server;Otherwise, Xiang Ying Authentification failure message is sent with server.
6. method as claimed in claim 5, which is characterized in that the token server is according to token serial number retrieval pair The seed file answered authenticates the dynamic password using the seed file retrieved, specifically:
The token server retrieves corresponding seed file and token deviant according to the token serial number, using retrieving Seed file and token deviant, the dynamic password is authenticated.
7. method as claimed in claim 5, which is characterized in that the token server uses the token serial number and described Second random number is decrypted the third ciphertext, obtains dynamic password, specifically:
The token server is generated according to the token serial number and is initialized according to the second generating random number encryption key Vector is decrypted the third ciphertext, is obtained dynamic password using the encryption key and the initialization vector.
8. the method for claim 7, which is characterized in that the token server adds according to second generating random number Key, specifically:
The token server hashes second random number and preset value, and obtained hashed value is close as encrypting Key.
9. the method for claim 7, which is characterized in that the token server generates just according to the token serial number Beginningization vector, specifically:
The token server hashes the token serial number and preset value, using obtained hashed value as initialization to Amount.
10. A client, comprising:
A communication module, configured to establish NFC communication with an NFC dynamic token;
A first obtaining module, configured to obtain the token serial number of the NFC dynamic token;
A second obtaining module, configured to obtain the dynamic password from the NFC dynamic token;
A storage module, configured to save a second random number;
An encryption module, configured to encrypt the dynamic password using the token serial number and the second random number, obtaining a third ciphertext;
A sending module, configured to send the third ciphertext, the second random number and the token serial number to a token server;
A receiving module, configured to receive the authentication success message or authentication failure message returned by an application server;
The encryption module comprises:
A first generating submodule, configured to generate an encryption key according to the second random number;
A second generating submodule, configured to generate an initialization vector according to the token serial number;
An encryption submodule, configured to encrypt the dynamic password using the encryption key and the initialization vector, obtaining the third ciphertext.
11. The client of claim 10, wherein
The first obtaining module is specifically configured to send a second instruction to the NFC dynamic token and receive the token serial number returned by the NFC dynamic token;
Or, to obtain the corresponding token serial number according to a user name.
12. The client of claim 10, wherein
The first generating submodule is specifically configured to hash the second random number and a preset value, and use the resulting hash value as the encryption key;
The second generating submodule is specifically configured to hash the token serial number and a preset value, and use the resulting hash value as the initialization vector.
13. The client of claim 10, wherein
The second obtaining module is specifically configured to send a third instruction to the NFC dynamic token and receive the dynamic password returned by the NFC dynamic token.
14. A token server, comprising:
A receiving module, configured to receive a third ciphertext, a second random number and a token serial number from a client;
A decryption module, configured to decrypt the third ciphertext using the token serial number and the second random number, obtaining the dynamic password from an NFC dynamic token that the client received over an NFC channel;
A retrieval module, configured to retrieve the corresponding seed file according to the token serial number;
An authentication module, configured to authenticate the dynamic password using the seed file retrieved by the retrieval module;
A sending module, configured to send an authentication success message to an application server after the authentication module authenticates the dynamic password successfully, and to send an authentication failure message to the application server after the authentication module fails to authenticate the dynamic password.
15. The token server of claim 14, wherein
The retrieval module is specifically configured to retrieve the corresponding seed file and token offset value according to the token serial number;
The authentication module is specifically configured to authenticate the dynamic password using the seed file and token offset value retrieved by the retrieval module.
16. The token server of claim 14, wherein the decryption module comprises:
A first generating submodule, configured to generate an encryption key according to the second random number;
A second generating submodule, configured to generate an initialization vector according to the token serial number;
A decryption submodule, configured to decrypt the third ciphertext using the encryption key and the initialization vector, obtaining the dynamic password.
17. The token server of claim 16, wherein
The first generating submodule is specifically configured to hash the second random number and a preset value, and use the resulting hash value as the encryption key.
18. The token server of claim 16, wherein
The second generating submodule is specifically configured to hash the token serial number and a preset value, and use the resulting hash value as the initialization vector.
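The exchange in claims 5 to 9, with the client and server roles of claims 10 to 18, as an added example that is not code from the patent. The hash (SHA-256), the cipher (a SHA-256 counter keystream standing in for the cipher the claims leave unnamed), RFC 4226 HOTP as the OTP algorithm, the use of the token offset value as the HOTP counter, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample data; PRESET, SEEDS and all function names are assumptions.
PRESET = b"constructed-preset-value"
SEEDS = {"1000000001": [b"constructed-seed-0001", 7]}  # serial -> [seed, offset]

def derive_key(second_random: bytes) -> bytes:
    # Claims 8, 12, 17: hash of the second random number and the preset value.
    return hashlib.sha256(second_random + PRESET).digest()

def derive_iv(serial: str) -> bytes:
    # Claims 9, 12, 18: hash of the token serial number and the preset value.
    return hashlib.sha256(serial.encode() + PRESET).digest()[:16]

def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHA-256 counter keystream, so the
    # example needs only the standard library. The same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + struct.pack(">I", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    # RFC 4226 HOTP, assumed here as the token's dynamic password algorithm.
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def client_build_message(serial: str, otp: str):
    second_random = os.urandom(16)  # fresh for every request
    key, iv = derive_key(second_random), derive_iv(serial)
    return keystream_xor(key, iv, otp.encode()), second_random, serial

def server_authenticate(third_ciphertext: bytes, second_random: bytes, serial: str) -> bool:
    if serial not in SEEDS:
        return False  # no seed file for this token serial number
    key, iv = derive_key(second_random), derive_iv(serial)
    otp = keystream_xor(key, iv, third_ciphertext)
    seed, offset = SEEDS[serial]
    if not hmac.compare_digest(otp, hotp(seed, offset).encode()):
        return False
    SEEDS[serial][1] = offset + 1  # assumption: advance the counter so a replay fails
    return True
```

The second random number and the token serial number travel with the third ciphertext, so the preset value is the only secret input to the key and the initialization vector.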
CN201610350413.1A 2016-05-24 2016-05-24 A kind of method and apparatus authenticating dynamic password Active CN105827652B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201610350413.1A CN105827652B (en) 2016-05-24 2016-05-24 A kind of method and apparatus authenticating dynamic password
PCT/CN2017/078542 WO2017202136A1 (en) 2016-05-24 2017-03-29 One-time-password authentication method and device
US16/092,500 US11064358B2 (en) 2016-05-24 2017-03-29 One-time-password authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610350413.1A CN105827652B (en) 2016-05-24 2016-05-24 A kind of method and apparatus authenticating dynamic password

Publications (2)

Publication Number Publication Date
CN105827652A CN105827652A (en) 2016-08-03
CN105827652B true CN105827652B (en) 2019-06-18

Family

ID=56531104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610350413.1A Active CN105827652B (en) 2016-05-24 2016-05-24 A kind of method and apparatus authenticating dynamic password

Country Status (1)

Country Link
CN (1) CN105827652B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017202136A1 (en) * 2016-05-24 2017-11-30 飞天诚信科技股份有限公司 One-time-password authentication method and device
CN111465008A (en) * 2019-01-21 2020-07-28 苹果公司 Initialization vector generation when performing encryption and authentication in wireless communications

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101420297A (en) * 2008-09-08 2009-04-29 北京飞天诚信科技有限公司 Method and system for negotiating cipher
WO2013034681A1 (en) * 2011-09-08 2013-03-14 Ehrensvaerd Jakob Devices and methods for identification, authentication and signing purposes
CN103607281A (en) * 2013-11-12 2014-02-26 飞天诚信科技股份有限公司 Safety device unlocking method and system
CN104092545A (en) * 2014-06-30 2014-10-08 飞天诚信科技股份有限公司 Authentication system integrating various dynamic passwords and working method thereof

Also Published As

Publication number Publication date
CN105827652A (en) 2016-08-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant